WO 2005/084100 PCT/BR2005/000030 



ACCESS CONTROL SYSTEM FOR INFORMATION SERVICES BASED ON A 
HARDWARE AND SOFTWARE SIGNATURE OF A REQUESTING DEVICE 

The present Invention is related to the identification and authorization for 
service access for computational devices or devices with computational 
resources (a "Device"). 

In particular, the present Invention is preferably applicable to sensitive 
and confidential information access, such as bank account information access 
by means of the Internet, secure access to web pages for commercial 
transactions (e-commerce), corporate Intranet access to confidential 
information, etc. 

PRIOR ART 

The prior art describes several security related devices and 
configurations applicable to access and operation through the Internet. Security 
needs have to be constantly revised in the face of the increasing sophistication of 
resources used to bypass security systems and defraud electronic access to 
Internet banking and e-commerce. In countries such as the United States of 
America, the great efforts and investments made to thwart criminal actions 
performed by hackers precisely illustrate the importance of guaranteeing user- 
friendly secure online transactions. Many online and Internet operations use 
sophisticated security procedures which are based on high levels of complexity 
in an attempt to guarantee the security in accessing online services which 
involve private or confidential information. However, this increased complexity 
results in difficulties posed to legitimate users in accessing such services. This, 
in its turn, results in a lower-than-optimum level of adherence, by users, to 
existing forms of online services. 

Other apparently more rigorous security schemes, such as those offered 
on online banking websites, are examples of what was explained above. Those 
services behave as if only the user could visualize and/or access the service. 
Authentication processes based solely on the user (i.e. username/password) are 
susceptible to password capture. The univocal correspondence between a user 
and his password eases fraud, either by password cloning or by cloning the 
accessed web pages. 

As an example of the technique, the Irish invention no. 83221 refers to a 
means of uniquely identifying computers and systems. The Invention, on the 
other hand, is able to create signatures that identify a device using only logical 
information and, jointly with the univocal framework and related processes that 
constitute it, it proposes a security system able to complement or substitute 
traditional authentication procedures. Although signatures or the idea of using 
extended positivation schemes for computational devices have existed for a long 
time, the Invention's uniqueness relies on its process, i.e., its client/server 
architecture conceived to complement or substitute usual authentication 
systems. 

Therefore, what is claimed in document no. 83221 involves the creation 
of a unique signature for a device (where a device stands for a processor or a 
processor set composing a network) based on response time statistical 
distribution and other measurements for physical identification of the devices, 
used for purposes that may or may not be applicable for conventional 
authentication schemes. The identification process proposed in this document 
also uses some logical techniques; however, unlike the Invention, these 
techniques are used as a complement. The logical techniques proposed in 
document 83221 do suffice for the creation of a unique identification for a 
device. Although it is possible to create or complement an authentication 
procedure from the process described in document 83221, that is not its 
intention, and, moreover, its contents do not consider, directly, the creation of a 
similar process. 
This is also what happens with Microsoft's publication titled: PRODUCT 
ACTIVATION FOR WINDOWS XP - TECHNICAL MARKET BULLETIN. This 
publication describes validation methods for the Windows XP computer program that 
aim to avoid illegal copies (piracy) or even fraudulent product purchase. The 
configurations proposed for these methods also have a univocal characteristic, 
of some complexity for the ordinary user, who would be inhibited from practicing 
fraudulent actions. 

SUMMARY 

The present Invention is a technology used to substantially improve the 
security involved in an authentication process to access an Internet page, an 
Intranet page, or any other type of computer server or computer-based service 
that requires secure authentication. Any of these services will be cited 
hereinafter as a "SERVICE". The authentication process includes a process 
coupled to the hardware and software configuration profile of a device, resulting 
in a unique signature. This signature will be referenced from now on as 
"SIGNATURE". 

Whenever a user tries to access a SERVICE that is using the Invention 
for authentication, the SIGNATURE resulting from the configuration of the 
device from where the user is attempting to use the SERVICE is verified and 
compared to a list of authorized device SIGNATURES. If the current device's 
SIGNATURE matches one of the previously registered SIGNATURES, the user 
is allowed to access the SERVICE. If not, the user will either be directed to 
extended positivation or will be denied access to the SERVICE, depending on 
the previously chosen security options. In case the user is submitted to 
extended positivation, if his identification is successful, access to the SERVICE 
will be granted and the user will be given the option to include the present 
device in the list of authorized SIGNATURES for his account. If the identification 
is not successful, the user will not be allowed to access the SERVICE. 
The Invention can be used as a complementary authentication process to 
another existing authentication process (e.g. an authentication method based on a 
username/password pair) so as to improve its security level. This may be used, 
typically, to access less sensitive applications, such as logging onto a web portal or 
ISP. 

It is important to stress that the Invention is capable of performing this 
identification without need for any other hardware or software components, 
such as smart cards, identification cards, etc. Therefore, the Invention allows 
the recognition of a device SIGNATURE simply from its usual hardware and 
software components. 

This document will offer a more in-depth description of possible 
applications of the Invention; however, any application of the same described 
herein is offered as an example, and should not be construed as a limitation to 
the scope of the claims. 

DESCRIPTION OF THE DIAGRAMS 

Figure 1 is a diagram that illustrates the basic operation of the present 
Invention. 

Figure 2 is a diagram that shows the process of SIGNATURE deletion. 
Figure 3 is a diagram that represents the deactivation of the Invention's 
security system triggered by a user. 

DETAILED DESCRIPTION OF THE INVENTION 

System Architecture 

The present Invention was conceived to operate in a distributed 
computational environment that can be implemented by means of the Internet 
or in an internal computational network. It is composed of three basic 
components: 

a) A Software Agent; 

b) An Authentication Server; 
c) A network-available SERVICE which requires authentication. 

The Software Agent is a program that can discover hardware and 
software asset information from a Device. It is a key component to obtain the 
data that will compose the Device's SIGNATURE. The Software Agent needs 
to be installed or downloaded and installed (preferably by using web distribution 
techniques that are able to download and execute a program in a single step, 
such as ActiveX or a browser plug-in), by means of the Internet or an internal 
network, in order to start the SIGNATURE identification process. 

The Authentication Server is a server that receives a SIGNATURE from a 
Software Agent, compares it to a set of authorized SIGNATURES and 
authorizes or denies access to a SERVICE. The Authentication Server needs to be 
connected by means of an internal network or the Internet to the device 
submitted to SIGNATURE recognition, in order to allow the identification 
process to work properly. It is, therefore, an online authentication system. 

The Authentication Server has both an interactive and a storage function. 
It interacts with the Software Agent and the SERVICE providing access 
authentication. Besides, it works as a repository of the registered SIGNATURES 
as well as storing the access attempt history (successful or not) of each 
SERVICE user. 

The SERVICE is an Internet page, Intranet page or other type of 
computational server or computational service that requires secure 
authentication. The Invention complements other authentication methods or 
security procedures already utilized by the SERVICE, as a pre-identification. 
For example, it may be used to deny the use of the SERVICE from a device 
whose SIGNATURE is not registered and recognized, even though another 
pre-identification process could be successfully accomplished by means of other 
coexistent authentication processes (for instance, deny access even if the 
username/password pair is correct). 
Operation 

The operation method of the present Invention is illustrated by the steps 
described below: 

1) A user tries to access a SERVICE submitted to the Invention's 
authentication. As the Invention can coexist with other authentication 
processes, the user may be submitted to other authentication or complementary 
security procedures, as a pre-identification, whenever necessary. Typical 
pre-identification processes are: username/password pair, verifying authorized IP 
address ranges, answering specific questions, systems that protect against 
"software robots", etc. 

2) If the user has not yet registered any device SIGNATURE with the 
Invention, the user will be led to a web page or software window that 
explains how the Invention works and tells that the user will be submitted to a 
registering process immediately afterwards. 

a) This step can be implemented in such a way as to be optional, in case 
the SERVICE provider wants to offer the user the option of accessing the 
SERVICE using the Invention or not. In this case, the user may also take the 
initiative of deactivating or reactivating the Invention usage when desired. In 
order to reactivate the Invention usage, the user must identify themselves in 
some way (by means of username/password pair, answering questions, etc). It 
is recommended to allow the Invention's deactivation only from the device that 
has the oldest SIGNATURE registered in the account, since this SIGNATURE is 
generally considered to be the most trustworthy one. 

3) Once the user agrees to use the Invention, they must allow the 
SOFTWARE AGENT download and execution on their device, unless this has 
already occurred. This step must be repeated for each device that needs to be 
submitted to the Invention's authentication process. 

4) Once the SOFTWARE AGENT is installed on the user's device, 
the Invention will identify its SIGNATURE and submit it for registration with the 
SERVICE. Typically, the first registration does not require rigorous 
authentication. 

The SIGNATURE is made from data sampled from the device's hardware 
and software components. The SIGNATURE will identify the device without the 
need of any supplementary identification device, such as a smart card. 

The device's identification is done by detecting and identifying essential 
hardware and software components of the device. The Invention allows that 
some of these components undergo incremental changes without modifying the 
device's SIGNATURE. However, if the device has undergone deep 
modifications, its SIGNATURE will be changed. This means that the device will 
be considered as a new device and will not be recognized by the SERVICES 
accessed before then. In this case, the user has to register the new device 
SIGNATURE. It is also important to clarify that changes of components that are 
not considered to be essential may be done without affecting the SIGNATURE. 

The SIGNATURE is composed of a group of information hashes 
extracted from hardware and software components. These hashes cannot be 
reversed to recompose the information used to make the SIGNATURE, 
preserving, this way, user privacy and security. It is recommended that, at 
each transaction, the hashes be grouped in a different way and submitted to 
several levels of encryption. This procedure further protects the system 
against anyone who attempts to intercept the communication between the user 
device and the Authentication Server and tries, by simply replaying the 
transmitted data, to pretend to be the original device. 
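The following is an added example, not code from the patent or from any implementation of it, showing one way the SIGNATURE described above could be built on the device and checked by the Authentication Server. The component names, the constructed inventory strings, the 3-of-4 matching threshold for tolerating an incremental change, and the use of a server-chosen nonce with HMAC as the per-transaction regrouping of the hashes are all assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Essential components: changing several of these changes the SIGNATURE.
# The list and the sample strings below are assumptions for this example.
ESSENTIAL = ("cpu", "motherboard", "os", "primary_disk")

# Constructed inventory, as a Software Agent might collect it on the registering device.
DEVICE_A = {
    "cpu": "GenuineIntel family 6 model 15 stepping 6",
    "motherboard": "ACME-MB1 rev 1.2 serial 00012345",
    "os": "Windows XP SP2 build 2600",
    "primary_disk": "WDC WD800 serial WD-ABC123",
    "mouse": "USB optical mouse",  # not essential: never enters the SIGNATURE
}


def component_hashes(inventory):
    """Hash each essential component separately. Only digests leave the device,
    so the Authentication Server never stores serial numbers or model strings."""
    return {
        name: hashlib.sha256(inventory.get(name, "").encode("utf-8")).hexdigest()
        for name in ESSENTIAL
    }


def blind(hashes, nonce):
    """Re-key every component digest with a nonce the server chose for this
    transaction. Values on the wire differ each time, so a captured reply
    cannot be replayed under a later nonce."""
    return {
        name: hmac.new(nonce, digest.encode("ascii"), hashlib.sha256).hexdigest()
        for name, digest in hashes.items()
    }


def verify(registered, presented, nonce, min_matching=3):
    """Server side: recompute the blinded values from the stored digests and
    count agreeing components. One changed component (an upgrade) still passes;
    a rebuilt machine does not and must be registered as a new device."""
    expected = blind(registered, nonce)
    agreeing = sum(
        1 for name, value in presented.items()
        if name in expected and hmac.compare_digest(expected[name], value)
    )
    return agreeing >= min_matching


def new_nonce():
    return os.urandom(16)


def demo():
    """Returns (upgrade accepted, rebuilt machine accepted, replay accepted)."""
    registered = component_hashes(DEVICE_A)  # stored at first registration

    # Same machine after a disk replacement: 3 of 4 essential components unchanged.
    upgraded = dict(DEVICE_A, primary_disk="Seagate ST3160 serial 5RX9Z")
    nonce1 = new_nonce()
    ok_upgrade = verify(registered, blind(component_hashes(upgraded), nonce1), nonce1)

    # Deep modification: cpu and motherboard also replaced, only the OS survives.
    rebuilt = dict(upgraded, cpu="AuthenticAMD family 15", motherboard="OtherCo-X9 serial 9")
    nonce2 = new_nonce()
    ok_rebuilt = verify(registered, blind(component_hashes(rebuilt), nonce2), nonce2)

    # Replay: an eavesdropper resends the values captured under nonce1 in a
    # later transaction for which the server issued nonce3.
    captured = blind(registered, nonce1)
    nonce3 = new_nonce()
    ok_replay = verify(registered, captured, nonce3)

    return ok_upgrade, ok_rebuilt, ok_replay


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Two points worth keeping in mind when reading this. The nonce defeats a passive attacker who captured an earlier exchange, which is the threat the paragraph above names; it does nothing against an attacker who controls the Software Agent itself, since that agent runs on the very device being identified and can report whatever component data it likes. That is why the Invention is positioned as a complement to username/password and extended positivation rather than a replacement for them.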

5) If the user tries to access the SERVICE from a device that was not 
previously registered (provided that there was at least one device previously 
registered), the Invention will allow the access only after applying an extended 
positivation (i.e. specific questions besides the username/password pair). If the 
answers are correct, the user will be allowed to access the SERVICE, with the 
option to register (or not) the present device's SIGNATURE, according to the 
configuration previously chosen. If the identification fails, the user will not be 
allowed to access the SERVICE. 

a) Optionally, in case the user has already reached a determined quantity 
of SIGNATURES associated to his account (defined in accordance with the 
implementation needs), he can choose whether the number of SIGNATURES 
should be limited to this quantity or not. Alternatively, it is possible to limit the 
SIGNATURE set in a way that creates a closed group of devices that can access 
the SERVICE by means of a given account. These options can be implemented 
in a mandatory way, that is, the user will be able to register SIGNATURES 
coupled to his account only up to a maximum number or only for devices that belong 
to a specific group. 

b) Even when registering additional SIGNATURES is not allowed, it is 
still optionally possible to access the SERVICE from a non-registered device 
by means of extended positivation. In any case, the SIGNATURE of this device 
CANNOT be added to the existing SIGNATURE set. In this case, the SERVICE 
access from this device is performed strictly as a "detached" and temporary 
operation. 

c) Optionally, it is also possible to specify a maximum number of times a 
SIGNATURE can be present in SIGNATURE lists of different SERVICE users. 
This maximum number can even be zero. In this situation, the common device 
will be considered to be a "malicious" one and will be included in a denial list for 
devices that are not authorized to authenticate before the Invention. 

6) Whenever necessary, the user may delete the SIGNATURES 
registered in his account. It is recommended that the SIGNATURE deletion 
process always be done from a device considered to be more secure and 
trustworthy, which is, typically, a device registered in the account before the one to 
be deleted. This way, the user can only delete a given SIGNATURE if using 
a device whose SIGNATURE had been registered BEFORE the SIGNATURE 
being deleted. It is also recommended that the oldest SIGNATURE can be 
deleted only from the device on which it was originally created. 
7) Once the user keeps accessing the SERVICE regularly by means of the 
Invention, it will be able to provide past information about all accesses or access 
attempts performed upon the user account. This historical information will 
remain stored even if the user decides to deactivate, even if temporarily, 
the usage of the system of the present Invention. 
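An added example (not the patent's code, and not taken from any product) of the account-side rules described in steps 4 to 7 above, with SIGNATURES treated as opaque strings: registration of the first device without rigorous authentication, extended positivation for a device the account does not know, the per-account limit of 5a, the detached access of 5b, the shared-device denial list of 5c, the deletion ordering of 6 and the access history of 7. The limit values, the outcome strings, and the reading of 5c as "a SIGNATURE may appear in at most MAX_OTHER_ACCOUNTS other accounts, zero meaning no sharing" are assumptions.

```python
# Limit values and the reading of step 5c below are assumptions for this example.
MAX_SIGNATURES_PER_ACCOUNT = 3   # step 5a
MAX_OTHER_ACCOUNTS = 0           # step 5c: zero means a device may serve one account only


class AuthenticationServer:
    def __init__(self):
        self.accounts = {}   # account -> SIGNATURES in registration order (oldest first)
        self.denylist = set()
        self.history = []    # (account, signature, outcome) for every attempt (step 7)

    def _log(self, account, sig, outcome):
        self.history.append((account, sig, outcome))
        return outcome

    def _other_owners(self, account, sig):
        return [a for a, sigs in self.accounts.items() if a != account and sig in sigs]

    def _attach(self, account, sig):
        """Add sig to the account subject to the limits of 5a and 5c."""
        sigs = self.accounts.setdefault(account, [])
        if sig in self.denylist:
            return False
        if sig in sigs:
            return True
        if len(sigs) >= MAX_SIGNATURES_PER_ACCOUNT:
            return False
        others = self._other_owners(account, sig)
        if len(others) > MAX_OTHER_ACCOUNTS:
            # Device seen on too many accounts: treat as malicious (5c).
            self.denylist.add(sig)
            for owner in others:
                self.accounts[owner].remove(sig)
            return False
        sigs.append(sig)
        return True

    def authenticate(self, account, sig, extended_positivation=None):
        """Decide one access attempt. extended_positivation is a callable that
        returns True when the user answered the additional questions; it is
        consulted only for a device the account does not know."""
        sigs = self.accounts.setdefault(account, [])
        if sig in self.denylist:
            return self._log(account, sig, "deny:denylisted")
        if sig in sigs:
            return self._log(account, sig, "allow:registered")
        if not sigs:
            # Step 4: first device, registered without rigorous authentication.
            if self._attach(account, sig):
                return self._log(account, sig, "allow:first-registration")
            return self._log(account, sig, "deny:shared-device")
        # Step 5: unknown device while others exist -> extended positivation.
        if extended_positivation is None or not extended_positivation():
            return self._log(account, sig, "deny:positivation-failed")
        return self._log(account, sig, "allow:detached")

    def register(self, account, sig):
        """Step 5 option: keep the current device; False when 5a/5c forbid it (5b)."""
        return self._attach(account, sig)

    def delete(self, account, from_sig, target_sig):
        """Step 6: delete target only from a device registered earlier than it;
        the oldest SIGNATURE can be deleted only from the device that created it."""
        sigs = self.accounts.get(account, [])
        if from_sig not in sigs or target_sig not in sigs:
            return False
        i_from, i_target = sigs.index(from_sig), sigs.index(target_sig)
        if i_from < i_target or i_from == i_target == 0:
            sigs.remove(target_sig)
            return True
        return False


def demo():
    """Walk one account through the steps; constructed SIGNATURE strings."""
    srv = AuthenticationServer()
    outcomes = [
        srv.authenticate("alice", "sigA1"),                 # allow:first-registration
        srv.authenticate("alice", "sigA2"),                 # deny:positivation-failed
        srv.authenticate("alice", "sigA2", lambda: True),   # allow:detached
    ]
    outcomes.append(srv.register("alice", "sigA2"))         # True
    outcomes.append(srv.delete("alice", "sigA2", "sigA1"))  # False: newer device
    outcomes.append(srv.authenticate("bob", "sigA1"))       # deny:shared-device
    outcomes.append(srv.authenticate("alice", "sigA1"))     # deny:denylisted
    return outcomes


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The ordering rule in delete() is what gives step 6 its value: an attacker who manages to pass extended positivation from a new machine and register it cannot use that machine to evict the user's original device, whereas the user can evict the intruder from it. The history list records denied attempts as well as successful ones, which is the data step 7 reports back to the user.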



